NetBSD/bin/systrace/cradle.c
elad ddb0410ecc From deraadt@openbsd:
Wrap bind() to AF_UNIX with umask() to avoid race.
2005-06-25 18:41:30 +00:00

387 lines
8.5 KiB
C

/*
* Copyright (c) 2003 Marius Aamodt Eriksen <marius@monkey.org>
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include <sys/types.h>
#include <sys/time.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/un.h>
#include <sys/queue.h>
#include <sys/tree.h>
#include <netinet/in.h>
#include <netinet/in_systm.h>
#include <err.h>
#include <errno.h>
#include <event.h>
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <signal.h>
#include <unistd.h>
#include <limits.h>
#ifdef __linux__
#include <bits/posix1_lim.h>
#ifndef LOGIN_NAME_MAX
#define LOGIN_NAME_MAX _POSIX_LOGIN_NAME_MAX
#endif
#endif /* __linux__ */
#include "intercept.h"
#include "systrace.h"
extern int connected;
extern char dirpath[];
static struct event listen_ev;
static struct event uilisten_ev;
static int cradle_server(const char *, const char *, const char *);
static void listen_cb(int, short, void *);
static void msg_cb(int, short, void *);
static void ui_cb(int, short, void *);
static void gensig_cb(int, short, void *);
static FILE *ui_fl = NULL;
static struct event ui_ev, sigterm_ev, sigint_ev;
static char buffer[4096];
static char title[4096];
static const char *xuipath, *xpath;
static volatile int got_sigusr1 = 0;
struct client {
struct event ev;
FILE *fl;
int buffered;
TAILQ_ENTRY(client) next;
};
TAILQ_HEAD(client_head, client) clientq;
/* fake signal handler */
static void
sigusr1_handler(int sig)
{
got_sigusr1 = 1;
}
static void
gensig_cb(int sig, short ev, void *data)
{
unlink(xpath);
unlink(xuipath);
rmdir(dirpath);
exit(1);
}
static int
mkunserv(const char *path)
{
int s;
mode_t old_umask;
struct sockaddr_un sun;
if ((s = socket(AF_UNIX, SOCK_STREAM, 0)) == -1)
err(1, "socket()");
memset(&sun, 0, sizeof (sun));
sun.sun_family = AF_UNIX;
if (strlcpy(sun.sun_path, path, sizeof (sun.sun_path)) >=
sizeof (sun.sun_path))
errx(1, "Path too long: %s", path);
old_umask = umask(S_IRUSR|S_IWUSR);
if (bind(s, (struct sockaddr *)&sun, sizeof(sun)) == -1)
err(1, "bind()");
umask(old_umask);
if (chmod(path, S_IRUSR | S_IWUSR) == -1)
err(1, "chmod()");
if (listen(s, 10) == -1)
err(1, "listen()");
return (s);
}
static int
cradle_server(const char *path, const char *uipath, const char *guipath)
{
int s, uis;
pid_t pid, newpid;
sigset_t none, set, oldset;
sig_t oldhandler;
sigemptyset(&none);
sigemptyset(&set);
sigaddset(&set, SIGUSR1);
if (sigprocmask(SIG_BLOCK, &set, &oldset) == -1)
err(1, "sigprocmask()");
oldhandler = signal(SIGUSR1, sigusr1_handler);
if (oldhandler == SIG_ERR)
err(1, "signal()");
xpath = path;
xuipath = uipath;
pid = getpid();
newpid = fork();
switch (newpid) {
case -1:
err(1, "fork()");
case 0:
break;
default:
/*
* Parent goes to sleep waiting for server to start.
* When it wakes up, we can start the GUI.
*/
sigsuspend(&none);
if (signal(SIGUSR1, oldhandler) == SIG_ERR)
err(1, "signal()");
if (sigprocmask(SIG_SETMASK, &oldset, NULL) == -1)
err(1, "sigprocmask()");
if (got_sigusr1) {
requestor_start(guipath, 1);
return (0);
} else
return (-1);
}
setsid();
snprintf(title, sizeof(title), "cradle server for UID %d", getuid());
setproctitle(title);
TAILQ_INIT(&clientq);
event_init();
s = mkunserv(path);
uis = mkunserv(uipath);
signal_set(&sigterm_ev, SIGTERM, gensig_cb, NULL);
if (signal_add(&sigterm_ev, NULL) == -1)
err(1, "signal_add()");
signal_set(&sigint_ev, SIGINT, gensig_cb, NULL);
if (signal_add(&sigint_ev, NULL) == -1)
err(1, "signal_add()");
event_set(&listen_ev, s, EV_READ, listen_cb, NULL);
if (event_add(&listen_ev, NULL) == -1)
err(1, "event_add()");
event_set(&uilisten_ev, uis, EV_READ, listen_cb, &listen_cb);
if (event_add(&uilisten_ev, NULL) == -1)
err(1, "event_add()");
kill(pid, SIGUSR1);
event_dispatch();
errx(1, "event_dispatch()");
/* NOTREACHED */
/* gcc fodder */
return (-1);
}
void
cradle_start(const char *path, const char *uipath, const char *guipath)
{
int s;
struct sockaddr_un sun;
s = socket(AF_UNIX, SOCK_STREAM, 0);
if (s == -1)
err(1, "socket()");
memset(&sun, 0, sizeof(sun));
sun.sun_family = AF_UNIX;
if (strlcpy(sun.sun_path, path, sizeof (sun.sun_path)) >=
sizeof (sun.sun_path))
errx(1, "Path too long: %s", path);
while (connect(s, (struct sockaddr *)&sun, sizeof(sun)) == -1) {
if (errno != ENOENT)
err(1, "connect()");
if (cradle_server(path, uipath, guipath) == -1)
errx(1, "failed contacting or starting cradle server");
}
if (dup2(s, fileno(stdin)) == -1)
err(1, "dup2");
if (dup2(s, fileno(stdout)) == -1)
err(1, "dup2");
setlinebuf(stdout);
connected = 1;
}
static void
listen_cb(int fd, short which, void *arg)
{
int s, ui = arg != NULL;
struct sockaddr sa;
struct client *cli;
socklen_t salen = sizeof(sa);
struct event *ev;
s = accept(fd, &sa, &salen);
if (s == -1) {
warn("accept()");
goto out;
}
if (ui) {
if (ui_fl != NULL)
goto out;
if ((ui_fl = fdopen(s, "w+")) == NULL)
err(1, "fdopen()");
setvbuf(ui_fl, NULL, _IONBF, 0);
event_set(&ui_ev, s, EV_READ | EV_PERSIST, ui_cb, NULL);
/* Dequeue UI-pending events */
while ((cli = TAILQ_FIRST(&clientq)) != NULL) {
TAILQ_REMOVE(&clientq, cli, next);
msg_cb(fileno(cli->fl), EV_READ, cli);
if (ui_fl == NULL)
break;
}
if (event_add(&ui_ev, NULL) == -1)
err(1, "event_add()");
} else {
if ((cli = calloc(1, sizeof(*cli))) == NULL)
err(1, "calloc()");
if ((cli->fl = fdopen(s, "w+")) == NULL)
err(1, "fdopen()");
setvbuf(cli->fl, NULL, _IONBF, 0);
event_set(&cli->ev, s, EV_READ, msg_cb, cli);
if (event_add(&cli->ev, NULL) == -1)
err(1, "event_add()");
}
out:
ev = ui ? &uilisten_ev : &listen_ev;
if (event_add(ev, NULL) == -1)
err(1, "event_add()");
}
static void
msg_cb(int fd, short which, void *arg)
{
struct client *cli = arg;
char line[4096];
if (ui_fl == NULL) {
TAILQ_INSERT_TAIL(&clientq, cli, next);
return;
}
/* Policy question from systrace */
if (!cli->buffered)
if (fgets(buffer, sizeof(buffer), cli->fl) == NULL)
goto out_eof;
cli->buffered = 0;
if (fputs(buffer, ui_fl) == EOF)
goto out_uieof0;
again_answer:
/* Policy answer from UI */
if (fgets(line, sizeof(line), ui_fl) == NULL)
goto out_uieof0;
if (fputs(line, cli->fl) == EOF)
goto out_eof;
/* Status from systrace */
while (1) {
if (fgets(line, sizeof(line), cli->fl) == NULL)
goto out_eof;
if (fputs(line, ui_fl) == EOF)
goto out_uieof1;
if (strcmp(line, "WRONG\n") == 0)
goto again_answer;
if (strcmp(line, "OKAY\n") == 0)
break;
}
out_event:
if (event_add(&cli->ev, NULL) == -1)
err(1, "event_add()");
return;
out_eof:
fclose(cli->fl);
free(cli);
return;
out_uieof0:
fclose(ui_fl);
ui_fl = NULL;
cli->buffered = 1;
TAILQ_INSERT_HEAD(&clientq, cli, next);
return;
out_uieof1:
fclose(ui_fl);
ui_fl = NULL;
while (1) {
/* We have a line coming in... */
if (strcmp(line, "WRONG\n") == 0)
if (fputs("kill\n", cli->fl) == EOF)
goto out_eof;
if (strcmp(line, "OKAY\n") == 0)
break;
if (fgets(line, sizeof(line), cli->fl) == NULL)
goto out_eof;
}
goto out_event;
}
/*
* Hack to catch "idle" EOFs from the UI
*/
static void
ui_cb(int fd, short which, void *arg)
{
char c;
fread(&c, sizeof(c), 1, ui_fl);
if (feof(ui_fl)) {
ui_fl = NULL;
event_del(&ui_ev);
} else
warnx("Junk from UI");
}